Back to top anchor
Close main menu
Open main menu Close main menu

Important changes to Privacy Act

Issue date

Some changes to the Privacy Act to protect personal information in the digital age come into effect on December 1 and here's a rundown of what you need to know.

When: From December 1, 2020

What: Changes to the Privacy Act mean businesses must:

  • not destroy personal information if someone asks for information held about them
  • report serious privacy breaches
  • check personal information disclosed with overseas companies will have similar protection to New Zealand.

The revamped act gives the privacy commissioner greater powers. This includes:

  • ordering a business to give a person their personal information
  • issuing a compliance notice if a business fails to comply with the Privacy Act.

Why: The Privacy Act aims to keep personal information safe and secure. The law updates reflect changes in technology and the ways business is done online and offline. 

What you need to do: If someone asks for their personal information held by your business, you must respond within 20 working days.

If there’s a serious privacy breach in your business, you must report it to the office of the privacy commissioner.

You can only disclose personal information to an overseas company if its country has similar protections to our Privacy Act. This does not apply to overseas cloud-based services.

Decide who in your business will take the lead on privacy matters. This could be you, an office manager, or another trusted worker. This person will be your privacy officer.

Privacy Act 2020 — Office of the Privacy Commissioner

Privacy Act overhaul to protect personal information in digital age